libsec: fix #3: out-of-bound access in aesXCBCmac (CID 155914)

2017-01-17 21:05:59 +01:00 · 2017-01-17 21:05:59 +01:00 · 04962f0637
parent 90f3d2ce31
commit 04962f0637
1 changed files with 1 additions and 0 deletions
--- a/sys/src/lib/sec/port/aes.c
+++ b/sys/src/lib/sec/port/aes.c
@ -128,6 +128,7 @@ aesXCBCmac(uint8_t *p, int len, AESstate *s)
 	uint8_t q[AESbsize];

 	assert(s->keybytes == 16);	/* more complicated for bigger */
+	assert(s->rounds <= sizeof(s->mackey)/sizeof(uint32_t));
 	memset(s->ivec, 0, AESbsize);	/* E[0] is 0+ */

 	for(; len > AESbsize; len -= AESbsize){